Core Impact Pro Exploits and Security Updates

Core Impact Pro Exploits and Security Updates

When you buy Core Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact Pro keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
WeBid converter Remote Code Execution Exploit Input passed via the "from" and "to" POST parameters to converter.php is not properly sanitised before being stored in includes/currencies.php. This can be exploited to inject and execute arbitrary PHP code. NOCVE-9999-53406 Exploits/Remote Code Execution Solaris, Linux, Windows, Mac OS X
Openfiler Remote Code Execution Exploit Insufficient sanitization in Openfile's /admin/system.html 'Hostname' field, leads to remote code execution. NOCVE-9999-65590 Exploits/Remote Code Execution Linux
OP5 license Remote Code Execution Exploit op5 Appliance contains an input validation flaw related to the system-portal component that allows a remote attacker to execute arbitrary shell commands via command injection. CVE-2012-0261 Exploits/Remote Code Execution none
JBoss EJBInvokerServlet Java Deserialization Vulnerability Remote Code Execution Exploit JBoss Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary java objects leading to remote code execution. This vulnerability affects the EJBInvokerServlet component of the server. NOCVE-9999-75005 Exploits/Remote Code Execution Windows, Linux
JBoss Application Server DeploymentFileRepository Remote Code Execution Exploit A directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server allows remote attackers who are able to access the console manager to create files on arbitrary locations of the filesystem. This can be abused to gain execution of arbitrary code by sending special HTTP requests to the JMX Console. CVE-2006-5750 Exploits/Remote Code Execution Windows, Linux
Atlassian FishEye Struts 2 ParametersInterceptor Remote Code Execution Exploit The ParametersInterceptor class of XWork framework, part of the Struts 2 web framework, as shipped with Atlassian FishEye, does not properly restrict access to server-side objects. This can be exploited by remote unauthenticated attackers to modify server-side objects and e.g. execute arbitrary commands via specially crafted OGNL (Object-Graph Navigation Language) expressions. CVE-2010-1870 Exploits/Remote Code Execution Windows, Solaris, Linux
CA Total Defense UNCWS Web Service exportReport Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The exportReport method makes use of the uncsp_GenerateReports_Dashboard stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. NOCVE-9999-51517 Exploits/Remote Code Execution Windows
Symantec Web Gateway blocked_file.php Remote Code Execution Exploit The spywall/blocked_file.php script of Symantec Web Gateway allows remote unauthenticated users to upload files with arbitrary extensions. This can be abused by attackers to execute arbitrary PHP code on vulnerable systems. CVE-2012-0299 Exploits/Remote Code Execution Linux
CA Total Defense UNCWS Web Service UnAssignAdminUsers Remote Code Execution Exploit The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The UnAssignAdminUsers method makes use of the uncsp_UnassignAdminRoles stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. CVE-2011-1653 Exploits/Remote Code Execution Windows
Oracle Secure Backup Remote Command Execution Exploit This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port 443. The script login.php does not properly sanitize the 'username' variable before using it in a database query. A specially crafted 'username' allows unauthorized attackers to log in with full administrative capabilities. CVE-2009-1977 Exploits/Remote Code Execution Windows, Solaris
JBoss Enterprise Application Platform JMX Console Authentication Bypass Remote Code Execution Exploit The JMX-Console web application in JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. This module will exploit this vulnerability to deploy an agent by uploading a JSP file to the target server. CVE-2010-0738 Exploits/Remote Code Execution Linux
Apache mod_isapi Denial of Service Exploit The Apache HTTP Server, commonly referred to as Apache, is a popular open source web server software. mod_isapi is a core module of the Apache package that implements the Internet Server extension API. The extension allows Apache to serve Internet Server extensions (ISAPI .dll modules) for Microsoft Windows based hosts. By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability. CVE-2010-0425 Denial of Service/Remote Windows
PHP Hash Table Collisions DoS This module sends HTTP requests with specially crafted data making the PHP interpreter to consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-4885 Denial of Service/Remote Solaris, AIX, Windows, Linux, OpenBSD, FreeBSD
Iconics Genesis SCADA HMI Genbroker Server DoS GenBroker runs as a Windows service on port 38080 when Iconics Genesis 32 is installed. This service is affected by an integer overflow vulnerability during the handling of inbound packets, caused by the allocation of the memory needed for the creation of an array trusting the number of elements passed by the client. NOCVE-9999-47722 Denial of Service/Remote Windows
OpenBSD DHCP Remote DoS Update This module exploits a vulnerability in DHCP Server in OpenBSD. The vulnerability is caused due to the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. This cause a stack-based buffer corruption by sending a specially crafted DHCP request specifying a maximum message size smaller than 278. CVE-2007-5365 Denial of Service/Remote Linux, OpenBSD
MSRPC MSDTC Allocation MS06-018 DoS Update This is a denial of service exploit for a vulnerability in the MSDTC component of windows systems (MS06-018). This update fixes the correct CVE number (CVE-2006-1184) CVE-2006-1184 Denial of Service/Remote Windows
Microsoft Windows SMTP Server MX Record Vulnerability DoS (MS10-024) Update This update fixes some mistakes in the module documentation. This module exploits a vulnerability on Microsoft Windows SMTP Server 64 bits sending a malformed DNS response from a spoofed DNS Server. CVE-2010-0024 Denial of Service/Remote Windows
Sun Java System Web Server Digest DoS Multiple vulnerabilities have been identified in Sun Java System Web Server, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by buffer overflow errors when processing malformed "TRACE" or "OPTIONS" requests, or overly long "Authorization: Digest" headers, which could be exploited by attackers to crash an affected server or execute arbitrary code. This exploit forces the server process to throw an unhandled exception and be restarted. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0387 Denial of Service/Remote Solaris, Windows, Linux, AIX
Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer DoS This module exploits a vulnerability in Apple CUPS, when handling the IPP_TAG_UNSUPPORTED which could be exploited by attackers to cause a remote pre-authentication denial of service. CVE-2009-0949 Denial of Service/Remote Linux, Mac OS X
Microsoft ASP.NET Hash Table Collisions DoS (MS11-100) This module sends HTTP requests with specially crafted data making the ASP.NET subsystem consume lot of resources. This attack prevents the victim server from processing requests from legitimate clients and probably will make the server non-operational. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2011-3414 Denial of Service/Remote Windows
MetaServer RT Packet Processing Remote DoS The vulnerability is caused due to an error when processing certain packets and can be exploited to cause a crash via a specially crafted packet sent to TCP port 2194. NOCVE-9999-50146 Denial of Service/Remote Windows
ISC BIND Dynamic Update Message DoS Exploit Update A vulnerability has been identified in ISC BIND, which could be exploited by remote attackers to cause a denial of service. This issue is caused due to the "dns_db_findrdataset()" function failing when the prerequisite section of a dynamic update message contains a record of type "ANY" and where at least one RRset for this FQDN exists on the server, which could allow attackers to cause a vulnerable server to exit when receiving a specially crafted dynamic update message sent to a zone for which the server is the master. This update adds more supported platforms to the exploit. CVE-2009-0696 Denial of Service/Remote Solaris, AIX, Linux, Mac OS X
MSRPC UMPNPMGR MS05-47 DoS This module exploits a buffer overflow and force the remote machine to reboot (MS05-047). CVE-2005-2120 Denial of Service/Remote Windows
ISC BIND TKEY assert DoS This module exploits a vulnerability while handling TKEY queries in the BIND service to cause a DoS. CVE-2015-5477 Denial of Service/Remote Solaris, Linux
IIS FTP LIST Stack Exhaustion DoS This exploit forces the IIS process inetinfo.exe to throw an unhandled exception. IIS' behavior depends on the operating system version, its configuration and the system-wide debugger specified in the registry. By default under Windows 2000 Advanced Server 2000 the server will automatically restart. Under Windows 2000 Professional a message box will pop up in the console and the server will not be restarted until a user presses [OK]. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2009-2521 Denial of Service/Remote Windows
OpenBSD PF IP ICMPV6 Remote DoS OpenBSD's PF is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a kernel panic on affected computers, denying further service to legitimate users. NOCVE-9999-37988 Denial of Service/Remote OpenBSD
Citrix EdgeSight Remote DoS Citrix EdgeSight is prone to a Denial of Service within the LauncherService.exe component which listens by default on TCP port 18747. When handling a request the process trusts a user supplied field in the packet specifying the length of data to follow, the process then copies the user supplied data, without validation, into a fixed-length buffer on the heap. NOCVE-9999-48569 Denial of Service/Remote Windows
Microsoft Windows NFS NULL Dereference DoS (MS13-014) This modules exploits a Windows kernel vulnerability in "nfssvr.sys" by sending a NFS file renaming crafted request to the target. This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2013-1281 Denial of Service/Remote Windows
OpenSSL DTLS ChangeCipherSpec DoS ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. CVE-2009-1386 Denial of Service/Remote Linux, FreeBSD
OpenBSD DHCP Remote DoS This module exploits a vulnerability in DHCP Server in OpenBSD. The vulnerability is caused due to the improper handling of DHCP requests within dhcpd in the cons_options() function in options.c. This cause a stack-based buffer corruption by sending a specially crafted DHCP request specifying a maximum message size smaller than 278. This module, if successfull, will leave the service (dhcpd) unavailable. CVE-2007-5365 Denial of Service/Remote Linux, OpenBSD